[openstack-dev] [Fuel-dev] access-control-master-node

David Easter deaster at mirantis.com
Tue May 27 15:08:36 UTC 2014


The other challenge of utilizing Keystone is which one to use.  Fuel enables
the deployment of multiple cloud environments from one UI; so when accessing
the Fuel Master Node, it would be ambiguous which already deployed Keystone
to contact for authentication.  If/When Triple-O is utilized, one could
perhaps see designating the Keystone of the undercloud; but that's more a
future requirement.

For now, I'd suggest an internal authentication in the immediate short term.
External auth sources can be added in future milestones - most likely an
LDAP source that's outside the deployed clouds and designated by IT.

Thanks,

- David J. Easter
  Director of Product Management, Mirantis

From:  Jesse Pretorius <jesse.pretorius at gmail.com>
Reply-To:  "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Date:  Tuesday, May 27, 2014 at 7:43 AM
To:  "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Subject:  Re: [openstack-dev] [Fuel-dev] access-control-master-node

On 27 May 2014 13:42, Lukasz Oles <loles at mirantis.com> wrote:
> Hello fuelers,
> 
> we (I and Kamil) would like to start a discussion about the "Enforce access control for
> Fuel UI" blueprint
> https://blueprints.launchpad.net/fuel/+spec/access-control-master-node.
> 
> First question to David, as he proposed this bp. Do you want to add more
> requirements?
> 
> To all. What do you think about using keystone as authorization tool? We
> described all pros/cons in the specification.

I would suggest both an internal authentication database and the option of
plugging additional options in, with keystone being one of them and perhaps
something like oauth being another.

Keystone may not be available at the time of the build, or accessible from
the network that's used for the initial build.